Two years ago I’ve tried my hand at cracking something, it’s quite an unknown game, Arena Wars was the name. I always found it fun to take it for a spin, try out a match or two, then forget about it for a couple months.
Until inevitably, the reason for this project came up. See the game originally came in a disk, and it worked fine at the time, as time moved on however, disk drives ceased to be a thing, now only emulating drives, or plugging drives via USB was possible. Guess what, the game’s builtin DRM did not recognize either of them and now I had a game that I owned but could not play. Only way to get it back is by cracking it, it’s abandonware too, so its not like anyone gives a damn.
My first try wasn’t very successful, x64dbg is a very complicated tool and to anyone who isn’t used to reverse-engineering, it’s a brutal way to start. Hence giving up, a few months ago I tried with a new technique.
The game, albeit very old, was one of the first to be built in .NET, the same framework which powers Unity games. This meant that there were decompilers (like dnSpy) which could decompile the code and make it easily editable.
Unfortunately there were two problems with this approach:
- Arena Wars is so old that modern decompilers only support decompiling the code, but not recompiling changes directly, those changes needed to be done manually in the IL code. If you don’t know what that is, it’s basically working in Assembly, one step above writing in bits and bytes.
- The code was obfuscated, meaning I had no idea what any of it did, only how it’s structured. Making matters worse was that the game had multiple languages, meaning that I couldn’t even directly search for text to find what i needed.
So despite being able to see the code, I had my work cut out for me. What followed was a whole trial and error. If the game thought it wasn’t legit, it launched in Demo mode, I had to figure out where it got the check for the CD from and flip it so it thought it was legit. Because that I was writing tweaks in IL code, given my skill level, the most I could do is change a + to a - for example, or a < to a >. If I wrote new code or added complex functions, it would change the size of a class and crash the game.
Eventually though I got to where the changes were affecting how the game responded. I discovered the game had an alternate Multiplayer Demo mode, (basically the same thing), as well as a fake real mode. Where it says its legit, but nothing works. While I did this, I took various notes, learning what each function most likely did, steadily building my knowledge of how the game worked, until I discovered where it checked the CDs.
Soon enough, I got lucky and the Demo was no more. I intercepted the response code from the CD check and mangled it quite a bit, now it thinks its legit. Dunno how or why, but now it does. Anyways, soon after cracking it, I ended up cleaning the crack, figuring out exactly which change did it the trick in the executable and boiled down the entire crack to a single changed byte.
Overall, it was quite like a brainteaser, fun to solve, and my reward was getting my game back!
Not saying that anything like SECUROM or DENUVO are next, but for those that like this kind of thing, I imagine they’d start small and slowly get to that level. At the end of the day, it’s only a puzzle.
Extras:
Thank you for reading about my journey. Have a day full of wonder!
Edit: If you can’t see the images clearly, that’s probably because you’re seeing them in Imgur’s mobile site. When in a phone it automatically redirects you there with a garbage version. To see them clearly, switch on desktop view. >:(
You too can be a Cracker
ಠ_ಠ
I was born a cracker.
Phrasing! Are we still doing “phrasing”?
said ripley to android bishop
Hey! I thought I couldn’t do it until I tried. :3
Sidenote: Background in programming or computer science may be required.
i cant tell if youre genuinely unaware or joking but either way its hilarious
if you enjoy this, there are various CTF “crackme” challenges available - the most famous one being the radare2 tutorial crackmes. The have different diffuculties from really easy to mind-bendingly difficult.
That was a great story. 😉
Maybe I try cracking a game sometime! I used to play MyPlayCity games all the time and i can’t even open them because they aren’t even on myplaycity website and the ones aren’t opening at all and I don’t know why. I wish I could just play all the MyPlayCity games without worrying about anything!
This sounds like game genie for gown ups 😅
where do you recommend someone starting from? do you have any resources that can help?
I may make it sound easy, but when I did this, I already had 8 years worth of C# experience. I definitely recommend that you learn how to program first, then once you know what you’re doing. Read up on some tutorials on reverse-engineering. General practices, that sort of thing.
When you’re ready, pick the right tool for the job. If you can decompile to get the code out (like dnspy for example in .NET programs), that’s much easier, other languages may require other tools, C++ will likely require hardcore programs such as x64dbg, and you don’t wanna touch that until you can understand Assembly to at least a passable degree.
TL DR: It’s hard, but there is a path there, don’t eat more than you can chew.
Kinda depends on how much you’re familiar with low level programming.
For a quick check to see if it’s for you start by learning a little about how a processor works here (the first episode can get a bit condescending at times, but it’s good info).
Then try diving into a disassembly CTF like MicroCorruption.
If you (somehow) enjoy both those things, consider learning C and specifically how to use it to break things through shellcode.
C Programming: A Modern Approach, and The Shellcoder’s Handbook are great resources for that (look here for instructions on obtaining them 😉).There are lots of books like beginners.re. Programming and knowledge on how a computer works is required. Then crackmes.one if you want to solve challanges.
That’s awesome, I definitely want to give cracking a go at some point. Been messaging around with memory addresses and shit recently.
It’s a fun challenge for sure. For a first one, try not anything too ambitious, modern DRM is bullshit in its difficulty.
As someone who learned to do the most basic things in assembly on a 6502 and was so broke that I couldn’t afford an assembler so I hand coded to ML with a pencil and legal pad, I salute you and your persistence.
No, I salute you! Assembly is miserable, I count myself lucky that all I needed to do is bust out a sheet with the opcodes to figure out what they did. If I had to actually write Assembly instead of just swapping opcodes, this project would be over in an instant.
Well, if you did this in assembly, the steps are the same. You still need to bust out a page on x86 instructions on what they do, and change a single byte somewhere. Its just raw bytes instead of IL.
Reverse engineering is honestly great fun. I’ve been doing it for like 8 years on and off but there is still so much to learn.
I recommend crackmes.one for crackme challanges to sharpen your skills.
Will they start adding denuvo to the challenges?
/s
w32dasm
hiew
0x90 0x90 0x90 0x90
Good times
Congrats dude
Yes, cracking .NET app with dnSpy is way easier than raw x86 Assembly. I cracked some bought software we use at work, because the stupid DRM made my job harder. Lucky for me because they were written in .NET. I also bypassed some limits set by the app. I tried IDA pro but the gui is already complex. You also need to know how .exe file works and how it gets loaded in memory with the libraries.
@ArkyonVeil
Very interesting read!Your persistence was palpable.
I’m not even sure where I’d start if I needed to do something like this. There’s at least one game I’d like to make a nocd crack for at some point, may give that a shot when I’ve got some free time…
Thanks for sharing the write-up 🏴☠️
There’s always a path that leads to where we need to go. For me, I kind of started to get interested when I watched this Excellent video by Exilelord (He did something way harder which was fixing a bug and later adding outright features in a AAA game obfuscated by SECUROM).
My first rodeo was probably cracking the level security of Synthriders, that one wasn’t obfuscated and was modern so it took me about 1-2 hours to get it to spit out the password for the level files.
Then… the only logical way up was cracking an actual game.